The similarities between WannaCry and previous Lazarus Group attacks were first uncovered by Google security researcher Neel Mehta, according to NPR.

Researchers at U.S.-based security firm Symantec also found possible links between Lazarus and WannaCry. "Symantec identified the presence of tools exclusively used by Lazarus on machines also infected with earlier versions of WannaCry," Symantec wrote in a blog post. "The Lazarus tools could potentially have been used as method of propagating WannaCry, but this is unconfirmed."

But other researchers cautioned against blaming the attack on North Korea without more evidence, Reuters reported. "The similarities we see between malware linked to that group and WannaCry are not unique enough to be strongly suggestive of a common operator," cybersecurity researcher John Miller said.

WannaCry uses two exploits, both believed to have been created by the National Security Agency, to encrypt data on infected machines and "ransom" it back to the machines' owners. "Whoever it is, it looks very much like they are taking advantage of the NSA's tools," Becky Pinkard, a vice president at cybersecurity firm Digital Shadows, told the Financial Times.

So far, the attack has affected machines belonging to the United Kingdom's National Health Service, Spain's Telefónica, FedEx and others.